Many organizations, such as companies and nonprofit organizations, use application programs to manage various resources, such as financial records, inventories, transaction histories, and other databases. These application programs include point of sale programs, accounting programs, customer relation management programs, enterprise resource management programs, security programs and so on. Some application programs may be multi-user programs installed on each of several front-end computers connected via a communications link, each front-end computer providing a user with access to the application program. For example, a retail store may provide front-end computers at each of several checkout lanes where a cashier can access the application program and conduct various transactions. A user may first logon to a front-end computer using a pre-established account on the front-end computer and then execute the application program. Alternatively, the front-end computer may already be logged into an account, such as a guest account, or may allow any user to execute the application program without logging on. Application programs may manage, or have access to, privileged or confidential information or resources (e.g., customer data, credit card information, transaction records, or secured premises) and require varying levels of access to these resources. For example, a retail cashier may be able to view customer data and perform sales transactions while a retail manager may be able to edit customer data and void transactions in addition to being able to perform all of the actions a cashier can perform.
Some application programs authenticate and authorize access to resources using proprietary or third-party security mechanisms built into the application program. For example, a point of sale application program may store credentials and user account information at a primary computer and prompt users to provide credentials to logon to their account each time they require access to the application program. When the user provides credentials, the application program may transmit the credentials to an instance of the application program at the primary computer to authenticate the user and authorize requests from users to access data. Alternatively, credentials and account information may be distributed to front-end computers periodically so that the application program can authenticate and authorize requests from users to access data without accessing a primary computer. However, distributing credentials and account information can create latency issues. For example, a computer may not be available when the information is distributed and new users or users whose account and credential information has changed may be unable to connect to the application program until the next distribution.
Requiring application program providers to integrate security features into their application programs and maintain these features can be time consuming, expensive, and duplicative for the providers as each application program provider may need to implement their own security mechanisms or incorporate third-party security modules. Further complicating this problem is the requirement that the security features of these application programs comply with various industry standards, such as the Payment Card Industry (PCI) Data Security Standard and Payment Application Best Practices (PABP), set forth by various standards-setting bodies, such as the PCI Security Standards Council and Visa Inc. Application program providers must continually update their application programs to meet these changing standards or face security risks, loss of customer confidence, and loss of accreditation.